Your car, your car’s data and you.

Today’s vehicles are collecting data, whether it is validating that the vehicle is operating to standards, monitoring the drivers’ habits, or providing navigation. Some of this information is required by federal law and some is personal data to help you maintain your vehicle.

DATA REQUIRED BY US LAW

Clean Air Act Amendment 1990:

The EPA requires that all vehicles built after 1996 have On-Board Diagnostics (OBD), and newer vehicles have standardized computer systems (also known as OBDII). These continually monitor the electronic sensors of engines and emission control systems, including the catalytic converter, while the vehicle is being driven to ensure they are working as designed.

Each OBD system is required to collect standard information that provides all current information and a snapshot of the same data taken at the point when the last diagnostic trouble code was set.

National Highway Traffic Safety Administration (NHTSA):

Driving information is also collected by the Event Data Recorder (EDR), similar to an airplane’s black box. The EDR monitors the vehicle’s network of sensors for signs of a crash and stores a few seconds of the data stream, dumping and refreshing the information constantly. The type of information collected in the EDR varies among manufacturers, but it generally includes throttle and brake-pedal position, steering angle, yaw rate (the vehicle’s rotational velocity), speed, and impact-sensor data. This information is saved permanently following an airbag deployment and can be accessed through the OBD-II port by a technician using specialized equipment. No location data is stored in EDR.

EDRs have been used since the 1990s and have recently been standardized by the National Highway Traffic Safety Administration (NHTSA). EDRs are required equipment on all cars beginning in 2013, with the aim of making their data easier to obtain for crash investigations. Lawyers have used this data in court cases to demonstrate driver behavior during an accident.


Non-regulated data from your vehicle

The diagnostics systems have actually opened the field to collecting all sorts of vehicle information, allowing each manufacturer to define additional modes for vehicle data collection. A modern car knows where you are, is constantly tracking your driving habits and may even be able to call for help if you have a crash or your airbags deploy.

Though not part of the EPA’s OBD II standard, the diagnostic read-outs used by dealership technicians are also read through the OBD II connector. These service codes show you such things as knock sensor operation, FI pulse width, ignition voltage, individual cylinder misfires, transmission shift points and ABS brake condition. There can be over 300 readings available, depending on the vehicle manufacturer and model. Vehicles vary in the readings they will support. Scanners vary widely in the number of these signals that they can read. Some show just the basic OBD or OBD II signals, others show the full range of service codes.

This is the type of information that can be gathered by auto insurers via a ‘dongle’. Think of this as a Fitbit for your car: it measures input, output, distance, etc. A combination of the OBD and 2-way communication, the system lets companies like OnStar read the data and create reports about the driving history. With the help of a hardware adapter and a mobile app, you can read the vehicle data yourself.

This dongle is connected to your OBD port and records your driving experience: speed, braking habits; it will read any data the vehicle is collecting. It can tell if you are wearing your seat-belt, how many hours the car is driven, what hours it is being used and the locations it visits.

  • Shows real-time data. You can see everything from how fast you’re traveling, how hot your engine is, the voltage of your battery, and a bunch of other information that most people don’t really care about as you drive.
  • Maintains trip history. You can see a history of your trips and all the accompanying data, including how long the trip was and average miles per gallon.
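To make concrete what a dongle sees on the OBD port, here is an added example (not from the original post) that decodes a few standard "current data" responses with the publicly documented OBD-II formulas and builds the kind of trip summary described above. The captured frames and function names are constructed for illustration.

```python
# Added illustration: decode OBD-II "current data" (service 0x01) responses
# of the kind a plug-in dongle reads. All sample frames are constructed.

# PID -> (name, unit, number of data bytes, formula over the data bytes)
PIDS = {
    0x05: ("coolant_temp", "C", 1, lambda d: d[0] - 40),
    0x0C: ("engine_rpm", "rpm", 2, lambda d: (d[0] * 256 + d[1]) / 4),
    0x0D: ("vehicle_speed", "km/h", 1, lambda d: d[0]),
    0x1F: ("run_time", "s", 2, lambda d: d[0] * 256 + d[1]),
    0x42: ("module_voltage", "V", 2, lambda d: (d[0] * 256 + d[1]) / 1000),
}

def decode_response(hex_line):
    """Decode one response such as '41 0D 32' into (name, value, unit)."""
    raw = bytes.fromhex(hex_line)          # whitespace between bytes is ignored
    if len(raw) < 3:
        raise ValueError("response too short")
    if raw[0] != 0x41:                     # 0x41 = positive reply to service 0x01
        raise ValueError("not a service 0x01 response")
    pid, data = raw[1], raw[2:]
    if pid not in PIDS:
        raise ValueError(f"PID 0x{pid:02X} not handled in this example")
    name, unit, size, formula = PIDS[pid]
    if len(data) < size:
        raise ValueError("truncated data bytes")
    return name, formula(data[:size]), unit

def summarize_trip(lines):
    """Build the trip profile a telematics service could derive from a capture."""
    readings = {}
    for line in lines:
        try:
            name, value, _ = decode_response(line)
        except ValueError:
            continue                       # skip error replies and unknown PIDs
        readings.setdefault(name, []).append(value)
    speeds = readings.get("vehicle_speed", [0])
    return {
        "max_speed_kmh": max(speeds),
        "avg_speed_kmh": sum(speeds) / len(speeds),
        "engine_seconds": max(readings.get("run_time", [0])),
        "samples": sum(len(v) for v in readings.values()),
    }

# Constructed capture: speed, rpm, coolant, speed, run time, voltage,
# one negative reply (0x7F), speed.
CAPTURE = ["41 0D 32", "41 0C 1A F8", "41 05 7B", "41 0D 78",
           "41 1F 02 58", "41 42 36 B0", "7F 01 12", "41 0D 46"]

if __name__ == "__main__":
    for frame in CAPTURE[:3]:
        print(frame, "->", decode_response(frame))
    print(summarize_trip(CAPTURE))
```

Even this handful of readings yields a speed profile and engine run time, which is why the terms attached to any dongle or telematics service matter.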

Most navigation systems are separate from a car’s computer. Nowadays manufacturers are adding features to vehicles such as GPS, which can collect your routes and frequently visited locations. Most vehicles have a one-way GPS system streaming to the car. But with the addition of telematics systems in the car (think OnStar), 3rd parties now have the ability to see where you are, your driving speed, and what state your car is in mechanically.

If you think your mobile phone is the only device collecting your location, think again. Your vehicle has the same data collection services as your smart phone (gaming console, smart watch, Go-Pro camera).

What can a new-car buyer do about the tracking? Not much. Pay close attention to the terms in the user agreement for any telematics (cellular connection), and opt out of the service.

The more you know about YOUR DIGITAL DATA the more you can control.

Here is what one OEM says:

We receive information about you through vehicle sales records provided by your dealer and we may obtain, with your consent, data obtained from your vehicle’s Event Data Recorder (“EDR”) as described in your owner’s manual (i.e., how various systems in your vehicle operate, the speed and distance of your vehicle). For additional information about EDR data, please see your owner’s manual. We also may obtain information about you and your vehicle from GM affiliates, GM dealers, GM licensees for consumer merchandise, GM credit card bank partners and other sources such as companies that provide lists of potential vehicle purchasers and current owners, if such companies are permitted to share your information with us pursuant to their privacy statements.

It’s becoming apparent that vehicles also collect a lot of interesting data on drivers themselves, placing their privacy at risk. Senator Markey found that most manufacturers collect data on customers, but often drivers are “not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation”.

 

 

 

 

Is your social media impacting your credit score?

Your social media posts are now scored to determine if you deserve a good credit score. Yes, I know it sounds like Minority Report, but it is happening today.

It’s no secret that a Facebook post can get you fired from a job or prevent you from getting a job in the future. This all comes back to first impressions, even if they are driven by social media.

Sharing your life on social media is giving insight to credit companies regarding your willingness to repay a debt. “They say a clean image on Facebook shows customers can be trusted to repay their debt, while certain pictures and posts can show they can’t be trusted.”

“If you look at how many times a person says ‘wasted’ in their profile, it has some value in predicting whether they’re going to repay their debt,” Will Lansing, Chief Executive at credit rating company FICO, told the Financial Times.

See Forbes article: October 23, 2015

Your credit score can cost you money in the long run, with less favorable interest rates on car or home loans. I’m not sure there is a proven theory today that your credit worthiness can be determined by your social media likes/dislikes and posts.

Here’s the bottom line: we all create a lot of digital data; some of it is very personal, some of it is fun and entertaining. But if this data is going to be available for companies to determine if you are an ideal employee or if your interest rate should be at a premium, then we as individuals need to know more about our rights and access to this data. These companies include government, retailers, insurance agencies and employers.

If this data is creating $$ for big organizations, then we as owners/creators of this data need to:

  • understand what data is being captured and how it is being used
  • own our individual data – if this data is valuable to companies and being used for/against us– then we should have a solid say in how, where, when this information is passed.

Remember – if the product is free (Twitter, Facebook, etc.) then you are the product (via data that is created and captured; this can include locations, likes, activities).

 

Zip Code + Birthday = identification

All you need is a birthdate, a zip code and a gender to go from anonymous to identified. These seemingly harmless pieces of information are enough to find or identify an individual.
Using these 3 pieces of information can uniquely identify 87% of the US population.

  • Our US population is 48% male and 52% female.
  • On the day you were born, there were approximately 11,500 other babies being born that day.
  • There is an average of 10,000 people in each zip code.

So in some very populated cities, such as New York or Chicago, you may find an individual that shares your exact information. (Or if you and your same-sex twin still live together.)
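The same reasoning can be turned into a check on any data set before it is shared. The following added example (not from the original post) counts how many records are alone in their zip code, birthdate and gender combination, then shows how coarsening the zip code and birthdate puts every record in a group of at least two. The records are constructed and the function names are illustrative.

```python
from collections import Counter

# Constructed sample records: (zip code, birthdate, gender). Not real people.
RECORDS = [
    ("60614", "1984-03-12", "F"),
    ("60614", "1984-03-12", "F"),   # shares all three values with the row above
    ("60614", "1984-07-30", "M"),
    ("60657", "1984-10-05", "M"),
    ("10027", "1991-11-02", "M"),
    ("10025", "1991-05-19", "M"),
    ("10027", "1975-01-08", "F"),
    ("10025", "1975-09-23", "F"),
]

def exact(rec):
    """Quasi-identifier as published: full zip, full birthdate, gender."""
    return rec

def generalized(rec):
    """Coarsened quasi-identifier: 3-digit zip prefix, birth year, gender."""
    zip_code, dob, gender = rec
    return (zip_code[:3] + "**", dob[:4], gender)

def class_sizes(records, key):
    """For each record, how many records share its quasi-identifier."""
    counts = Counter(key(r) for r in records)
    return [counts[key(r)] for r in records]

def unique_fraction(records, key):
    """Share of records that are the only one with their quasi-identifier."""
    sizes = class_sizes(records, key)
    return sum(1 for s in sizes if s == 1) / len(sizes)

def k_anonymity(records, key):
    """Smallest group size; k = 1 means at least one record stands alone."""
    return min(class_sizes(records, key))

if __name__ == "__main__":
    for label, key in (("exact", exact), ("generalized", generalized)):
        print(label,
              "unique:", unique_fraction(RECORDS, key),
              "k:", k_anonymity(RECORDS, key))
```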

Magnetic strip versus a Chip

What’s the difference between the credit card magnetic strip and the new chip?

The magnetic strip contains the exact information used to identify the card (see types of data below). The chip holds a piece of information that it doesn’t share, but that it can use to prove it has that information.

Thus, a magnetic stripe is dumb and can be copied, but since the chip doesn’t give out its secret, a vendor can’t simply copy it when you use it.

The chipped cards will be safer to use than the traditional credit, charge and debit cards that have only the familiar magnetic stripe along the back.

A magnetic stripe says “I’m credit card ABC.” when the point of sale asks for the number. With a chip the point of sale says “what is your response to this random value?” and the chip gives a response that the point of sale can validate, but since the next point of sale will use a different random value, the response is useless to a thief.
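The difference can be shown in a few lines. This added example (not from the original post) is a simplified model that assumes a secret shared between the card and the party validating the response, and uses HMAC-SHA256 as a stand-in; real chip cards use their own cryptographic schemes, and all class and function names here are hypothetical.

```python
import hashlib
import hmac
import secrets

class MagStripe:
    """Static data: every read returns the same bytes."""
    def __init__(self, track):
        self.track = track

    def read(self):
        return self.track

class ChipCard:
    """Holds a secret that never leaves the card; only answers challenges."""
    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Verifier:
    """The validating side: issues random values and checks the responses."""
    def __init__(self, key):
        self._key = key
        self._outstanding = set()

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge, response):
        if challenge not in self._outstanding:
            return False                      # unknown or already-used value
        self._outstanding.discard(challenge)  # each random value is single-use
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)             # constructed secret for the demo
    card, verifier = ChipCard(key), Verifier(key)
    stripe = MagStripe(b"CONSTRUCTED-TRACK-DATA")

    # Stripe: whatever was read once is identical to what the card presents.
    copied = stripe.read()
    stripe_copy_matches = copied == stripe.read()

    # Chip: a recorded (challenge, response) pair is only good once.
    c1 = verifier.new_challenge()
    r1 = card.respond(c1)
    genuine = verifier.check(c1, r1)
    c2 = verifier.new_challenge()
    old_response_new_challenge = verifier.check(c2, r1)
    old_pair_resubmitted = verifier.check(c1, r1)
    return {
        "stripe_copy_matches": stripe_copy_matches,
        "genuine": genuine,
        "old_response_new_challenge": old_response_new_challenge,
        "old_pair_resubmitted": old_pair_resubmitted,
    }

if __name__ == "__main__":
    print(demo())
```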

However, the new payment cards are not as safe as they could be. Chip cards are still vulnerable to online/card-not-present fraud.

Some of the data stored on your magnetic strip:

  • Primary account number (PAN) — up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
  • Name — 2 to 26 characters
  • Expiration date — four characters in the form YYMM.
  • Service code — three characters

Service code values common in financial cards:

First digit

1: International interchange OK

2: International interchange, use IC (chip) where feasible

5: National interchange only except under bilateral agreement

6: National interchange only except under bilateral agreement, use IC (chip) where feasible

7: No interchange except under bilateral agreement (closed loop)

9: Test

Second digit

0: Normal

2: Contact issuer via online means

4: Contact issuer via online means except under bilateral agreement

Third digit

0: No restrictions, PIN required

1: No restrictions

2: Goods and services only (no cash)

3: ATM only, PIN required

4: Cash only

5: Goods and services only (no cash), PIN required

6: No restrictions, use PIN where feasible

7: Goods and services only (no cash), use PIN where feasible

 

 

 

How many times has YOUR DIGITAL DATA been exposed?

The New York Times: How many times has your personal information been exposed to hackers?

The NYT has put together an interactive assessment tool to highlight a problem that a reader may only passively consume.

  • Participants answer a series of questions about jobs they’ve applied for, online services they’ve signed up for, who their health insurance providers have been, and at which retailers they’ve used credit or debit cards.
  • As they do that, the assessment tool dynamically updates a tally of how many times different pieces of the participant’s personal information have been exposed to hackers.

It makes the story come alive — and makes it very personal to each reader.

  • At the end of the assessment, The New York Times gives you links to both the stories they’ve published on each individual hacking and, more importantly, links to the announcements from the companies that were hacked, which often include remediation options for those affected.

Lose my number, buster! Receiving pesky phone calls?

One stop shopping.  There is only one Do Not Call list for both land/house lines and mobile phones.

https://www.donotcall.gov/

This list is maintained by the US Federal government and all companies that use telemarketing for business must abide by these rules. Once your number is on the list, all companies have up to 30 days to remove you from their list.

Use the same link to submit a complaint if you receive an unsolicited call 30 days after you signed up.

What will happen after you register, will it stop all telemarketing calls?

No. Placing your number on the National Do Not Call Registry will stop most telemarketing calls, but not all. Because of limitations in the jurisdiction of the FTC and FCC, calls from or on behalf of political organizations, charities, and telephone surveyors would still be permitted, as would calls from companies with which you have an existing business relationship, or those to whom you’ve provided express agreement in writing to receive their calls. However, if you ask a company with which you have an existing business relationship to place your number on its own do-not-call list, it must honor your request.  You should keep a record of the date you make the request.

 

What’s behind Mobile Opt-In?

Most mobile programs require a ‘double opt-in’.

Here is what it is and why it is there:

In order for someone to start to receive text messaging they must opt in for the communications. This opt-in process differs between email and mobile/text messaging. This is due to the cost of text messaging and mobile plans. Remember, not all text messaging plans are created equal; there are still mobile phone plans out there that charge per text message. To prevent unnecessary costs to the consumer there is a double opt-in rule to ensure the subscriber is aware of what they are signing up for. This also helps prevent spam on your phone.

In order for a company to send you text messages or IMs (different from mobile apps) you must agree to 2 things:

  1. enroll into the mobile program (subscribe)
  2. and validate that the mobile number that was given is in fact your mobile number. Usually the user is required to text ‘Y’ or ‘Yes’ back to the confirmation text – this would be your second opt in.

Mobile communication subscriptions work a little differently than email subscriptions. Due to the cost structure, when you enroll into a mobile program, you are only enrolling into a single program. With email, by contrast, when you subscribe to receive emails from a retailer, your email is enrolled into all the retailer’s email programs.* Mobile requires the user to opt into every program individually.

Ideally this mechanism should be sufficient to establish the subscriber’s willingness to participate in the program and possession of the handset/device. The opt-in applies to the specific program and should not be used as a blanket approval to promote other programs, products or services.

When you opt out of the mobile program, the return messaging should reference the specific program the subscriber has opted out from. No further messages should be sent to the subscriber from this program, including marketing messages for any related or unrelated programs.

* email programs – plural, this is what we call in the industry global opt in and local opt out

Where you at? A little lesson on tracking

So many saw this news article on NBC News last week. And so many people have been re-posting and sharing.  Even my parents discussed it with their friends last night at a BBQ on the lake. This morning, text messages were sent with instructions to the group – on how to turn this tracking off!

Is Your Smartphone Tracking Where You Go?

It’s not just your smartphone device that is tracking you: so many things in your life have the ability to track us – not just our phones. These are your digital footprints. Various apps also capture tracking details, not just your phone. Think fitness trackers, even Facebook. Digital photos capture more than where the photo was taken; they include facial recognition/tagging tracking who was with you, dates, lat/long, type of device, etc. Today’s connected cars are doing the same thing as your smartphone. And with the latest Wi-Fi enabled cars – the car not only tracks where you go, but who is with you.

So the next time you are asked for permission to ‘use your current location, or update your settings so that locations are turned on’, you can reconsider what that really means to your privacy. Is the convenience factor enough of a value exchange that you will allow this app to know your location now and later on?

Anything that connects to the internet or has its own GPS tracking has the ability to know where you are and most likely save that information.

If it’s free, you are the product. Are you giving it away for free?

I love this TED video. Although it pushes for what the email privacy could look like in the future; it highlights the free point. If you are not buying/paying for the service, you are the product. These free services may not cost you in $$, but there is a value exchange. You get a free service, the provider gets data insight into your interests, and in turn creates/sells targeted advertising based on your data. Innocent – probably. Greedy – definitely.

TED video: Andy Yen: Think your email’s private? Think again

After all, email services are still businesses that need to make money to keep the lights on.

The most valuable thing about providing an email service is the analytics data that it has access to. Your email gives the provider (Google, Yahoo, etc.) a vast amount of information about you. Not only do they have the ability to capture your profile information, but your browsing information too. Email has the added benefit of providing information about the people you contact. In other words, Gmail learns a lot about non-Gmail users by scanning emails sent to and from Gmail users. This effectively helps target advertisements to everybody.

Many privacy “agreements” are yes/no — you’re either in or out — and especially online, it’s not reasonable to expect people to decline them (since use of basic services is often at stake).

If you needed someone else’s thoughts, here is Wikipedia explaining the use of ‘You As A Product’.

Your attention and profile is being sold to advertisers.

 

All data may be personal but it’s not all private

Ultimately, this issue is likely to become even more contentious in the future as wearable devices, smart appliances, connected cars, and other elements of daily life become linked together. These misperceptions are enhanced by privacy policies that are often difficult to interpret, even to the small number of consumers who do try to read them. (yes I’m one of them!)

Most folks think that opting in to a privacy policy actually protects them, instead of releasing their data for corporate uses. More than 4 out of 5 mobile apps don’t explain what data gets collected/how it’s used.


The FCC will be posting new surveys asking you, as an individual, for your expectations in data sharing.


 

Most terms and conditions (those pesky T&Cs that you must agree to in order to use the app) use the words ‘shared with our partners’, which can open up the possibilities for using the data collected.